给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)
This commit is contained in:
+4
-3
@@ -75,7 +75,7 @@ export async function loader({ request }: LoaderFunctionArgs) {
|
||||
const isPublicPath = publicPaths.some(path => pathname.startsWith(path));
|
||||
|
||||
// 获取用户会话(可能包含刷新后的token)
|
||||
const { isAuthenticated, userRole, refreshedSession } = await getUserSession(request);
|
||||
const { isAuthenticated, userRole, refreshedSession, frontendJWT } = await getUserSession(request);
|
||||
// console.log("是否公开路径:", isPublicPath, "是否已认证:", isAuthenticated);
|
||||
|
||||
// 如果访问需要认证的路径但未登录,重定向到登录页
|
||||
@@ -145,6 +145,7 @@ export async function loader({ request }: LoaderFunctionArgs) {
|
||||
isAuthenticated,
|
||||
userRole,
|
||||
pathname,
|
||||
frontendJWT,
|
||||
ENV: {
|
||||
NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
|
||||
NEXT_PUBLIC_APP_ID: process.env.NEXT_PUBLIC_APP_ID,
|
||||
@@ -182,7 +183,7 @@ export function links() {
|
||||
}
|
||||
|
||||
export default function App() {
|
||||
const { userRole, ENV } = useLoaderData<typeof loader>();
|
||||
const { userRole, ENV, frontendJWT } = useLoaderData<typeof loader>();
|
||||
|
||||
|
||||
return (
|
||||
@@ -215,7 +216,7 @@ export default function App() {
|
||||
<body className="font-sans">
|
||||
<MessageModalProvider>
|
||||
<ToastProvider>
|
||||
<Layout userRole={userRole}>
|
||||
<Layout userRole={userRole} frontendJWT={frontendJWT}>
|
||||
<Outlet />
|
||||
</Layout>
|
||||
<RouteChangeLoader />
|
||||
|
||||
Reference in New Issue
Block a user